In This Section: |
For more information about the Multiple Security Groups, see the R76SP.50 Administration Guide.
This section provides specific upgrade steps from the existing release to the new release with the support of Multiple Security Groups.
The Multiple Security Groups feature lets you configure more than one Security Group on the same Scalable Platform.
Example:
Example:
To support Multiple Security Groups in R76SP.50, it is mandatory to install these on your Scalable Platform:
Important - Multiple Security Groups feature is not supported in R76SP.50 Build 84 and R76SP.50 Jumbo Hotfix Accumulator Takes 16 - 105. It is mandatory to re-image the SGMs with the required R76SP.50 Take and install the required Jumbo Hotfix Accumulator Take. If you only install the required Jumbo Hotfix Accumulator on top of R76SP.50 Build 84, attempt to enable Multiple Security Groups is blocked.
Important Note for VSX Virtual System Load Sharing mode - The upgrade procedure requires to change the configuration from the VSX Virtual System Load Sharing mode to the VSX High Availability mode. After the upgrade procedure is complete, manually configure the system from the VSX High Availability mode back to the VSX Virtual System Load Sharing mode.
The upgrade procedure below applies to Dual Chassis setup.
Step |
Operation |
Command |
1 |
Make sure that your Management Server runs version R76 or higher. If not, upgrade your Management Server. |
|
2 |
Back up your 60000/40000 Security Platform. |
|
2a |
On each Chassis, create a snapshot of one SGM. Note - Run the commands on an arbitrary SGM on Chassis A and on Chassis B. |
|
2b |
On each Chassis, make sure that the snapshot was created successfully. |
|
2c |
On each Chassis, export the snapshot. |
|
2d |
On each Chassis, copy the exported snapshot to an external media or a remote server:
|
|
2e |
On each Chassis, collect configuration settings and system status information into a data file:
|
|
3 |
On a Chassis in VSX VSLS mode only: Change the VSX mode from the VSLS to the High Availability. |
|
4 |
Download the R76SP.50 ISO image required for Multiple Security Groups from the R76SP.50 60000/40000 Security Platforms Home Page. You need this image during the upgrade procedure. |
|
Step |
Operation |
Command |
5 |
Set Chassis B to administratively DOWN state. |
|
6 |
On Chassis B, perform a Clean Install of the required R76SP.50 ISO on each SGM. |
Install the image on all the SGMs at the same time, or create a bootable USB media for each SGM. |
7 |
On Chassis B, wait until all members are in UP state and enforcing policy. |
|
8 |
On Chassis B, reset the SSMs to factory default. Important - Run these commands from a serial connection on Chassis B. This reset interrupts all traffic, including the SSH. |
|
9 |
On Chassis B, install the required Jumbo Hotfix Accumulator. |
|
9a |
Copy the installation
|
|
9b |
Create a temporary directory on the SMO in the |
If such temporary directory already exists, first delete it with this command: |
9c |
Extract the |
|
9d |
Start the Jumbo Hotfix Accumulator installation script. Important - Make sure to run the script from Chassis A and not Chassis B. |
|
10 |
Make sure all SGMs show the correct version. Note - SGMs on Chassis A show as failed because at this time, SGMs on Chassis A and SGMs on Chassis B have different versions. This is normal. Continue to the next step. |
|
11 |
Set Chassis B to administratively UP state. |
|
12 |
On Chassis B, run the diagnostics. |
|
13 |
Make sure that Chassis B is UP and enforces security policy. Important - You must correct all errors shown by the diagnostics before you continue to the next step. |
|
Step |
Operation |
Command |
14 |
Set Chassis A to administratively DOWN state. |
|
15 |
On Chassis B, make sure that all SGMs are UP, and that traffic flows normally. Important - Make sure Chassis B works correctly before you upgrade Chassis A. |
|
Step |
Operation |
Command |
16 |
Set Chassis A to administratively DOWN state. |
|
17 |
On Chassis A, perform a Clean Install of the required R76SP.50 ISO on each SGM. |
Install the image on all the SGMs at the same time, or create a bootable USB media for each SGM. |
18 |
On Chassis A, wait until all members are in UP state and enforcing policy. |
|
19 |
On Chassis A, reset the SSMs to factory default. Important - Run these commands from a serial connection on Chassis A. This reset interrupts all traffic, including the SSH. |
|
20 |
On Chassis A, install the required Jumbo Hotfix Accumulator. |
|
20a |
Copy the installation
|
|
20b |
Create a temporary directory on the SMO in the |
If such temporary directory already exists, first delete it with this command: |
20c |
Extract the |
|
20d |
Start the Jumbo Hotfix Accumulator installation script. Important - Make sure to run the script from Chassis A and not Chassis B. |
|
21 |
Make sure all SGMs show the correct version. Note - SGMs on Chassis B show as failed, or show a previous version. This is normal. Continue to the next step. |
|
22 |
Set Chassis A to administratively UP state. |
|
23 |
On Chassis A, run the diagnostics. |
|
24 |
Make sure that Chassis A is UP and enforces security policy. Important - You must correct all errors shown by the diagnostics before you continue to the next step. |
|
Step |
Operation |
Command |
25 |
Set Chassis B to administratively DOWN state. |
|
26 |
On Chassis A, make sure that all SGMs are UP, and that traffic flows normally. |
|
Step |
Operation |
Command |
26 |
Make sure all SGMs show the correct version. |
|
27 |
On a Chassis in VSX VSLS mode only: Change the VSX mode from the High Availability to the VSLS. |
|
28 |
Make sure all SGMs and SSMs are up to date, and that the system is configured correctly. |
|
Follow the instructions in the R76SP.50 Administration Guide - Chapter 60000/40000 Security Platforms - Section Multiple Security Groups.